Firms Address Cybersecurity Risks

An increasing number of leading global companies are investing greater resources in cybersecurity risk management, according to a new study developed by the Georgia Tech Information Security Center (GTISC). Data shows 63% of survey respondents are actively addressing computer and information security, up from 33% just three years ago. Additionally, more than half (53%) of corporate boards have established a risk committee to oversee best cybersecurity practices.

“The report clearly reflects a sea change from the attention boards were paying to cybersecurity issues in the 2008, 2010, and 2012 surveys,” said Jody Westby, who authored the series of survey reports. “For the first time, directors and officers understand they have a fiduciary duty to protect the digital assets of their companies and are paying more than cursory attention to cyber risks. It is a welcome change that will help protect shareholders and customers.”

As part of their threat reduction strategy, 48% of firms are focused on cyber insurance coverage, a 20-point increase compared to 2012. Companies also are placing a much higher value on risk and security experience when recruiting board directors. About 60% of respondents said their board had a director with risk expertise, and nearly a quarter (23%) had one with cybersecurity expertise. Data shows firms in the financial sector appear to be leading global cybersecurity efforts, as 86% have created a risk committee separate from an audit committee.

Among regions, North American and European boards are paying significantly more attention to cyber risks in 2015, according to the survey. About 85% of North American companies and 58% of European firms have recently upped security efforts, a sharp increase from prior surveys. “It’s excellent to see that corporate executives are dramatically increasing efforts to manage cyber risks,” said Ryan Gillis, vice president of cybersecurity strategy at Palo Alto Networks, which offered support for the GTISC study. “Establishing an appropriate dialogue between technical experts and the executives who can prioritize resources is essential to effectively secure an organization.”